PL Using the monoalphabet ic cipher in Figure 8.3, encode the message ‘This is 
an easy problem.’* Decode the message “rmij’u uamu xyj." 


Problem 1 

The encoding of "This is an easy problem'* is "iiasi si my cmiw lokngch'*. 
The decoding of "nnij'u uamu xyj'* is '"wasn't that fun'*. 


P2. Show that Trudy’s known-plaintext attack, in which she knows the 

(ciphertext, plaintext) translation pairs for seven letters, reduces the num- 
ber of possible substitutions to be checked in the example in Section 8.2.1 
by approximately KT. 

Problem 2 

If Trudy knew that the words "bob'" and "alice" appeared in the text, then she would 
know the ciphertext for b.o.a.l.i.c.e (since "bob' 1 is the only palindrome in the message, 
and “alice" is the only 5 -letter word. If Trudy knows the ciphertext for 7 of the letters, 
then she only needs to try 19!, rather than 26!. plaintext-ciphertext pairs. The difference 
between 19! and 26! is 26*25 *24... : *20, which is 3315312000. or approximately IQ 9 . 


P3. Consider the polyalphabetic system shown in Figure 8.4. Will a chosen- 
plaintext attack that is able to get the plaintext encoding of the message “The 
quick brow n fox jumps over the lazy dog.” be sufficient to decode all mes- 
sages? W hy or why not? 

Problem 3 

Every letter in the alphabet appears hi the phrase "The quick fox jumps over the lazy 
brown dog."* Given this phrase hi a chosen plaintext attack (where the attacker has both 
the plain text, and the ciphertext), the Caesar cipher would be broken - the intruder would 
know the ciphertext character for every plaintext character. However, the Vigenere 
cipher does not ahvay translate a given plaintext character to the same ciphertext 
character eacli time, and hence a Vigenere cipher would not be immediately broken by 
this chosen plaintext attack. 


P4. Consider the block cipher in Figure 8.5. Suppose that each block cipher T i 
simply reverses the order of the eight input bits (so that, for example. 

1 1 1 10000 becomes 00001 111). Further suppose that the 64-bit scrambler 
does not modify any bits (so that the output value of the mth bit is equal to 
the input value of the with bit), (a) With n = 3 and the original 64-bit input 
equal to 10100000 repeated eight times, what is the value of the output? 

(b) Repeat part (a) but now change the last bit of the original 64-bit input 
from a 0 to a 1 . (c) Repeat parts (a) and (b) but now suppose that the 64-bit 
scrambler inverses the order of the 64 bits. 

Problem 4 

a) The output is equal to 0000010 1 repeated eight tunes, 

b) The output is equal to 00000101 repeated seven times + 10000101. 

c) We have (ARBRCR)R = CBA. where A. B. C are strings, and R means inverse 
operation, Thus: 

1. For (a), the output is 10100000 repeated eight times: 

2. For (b). the output is 10100001 + 10100000 repeated seven tunes. 


P5. Consider the block cipher in Figure 8.5. For a given "key” Alice and Bob 
would need to keep eight tables, each 8 bits by 8 bits. For Alice (or Bob) 
to store all eight tables, how many bits of storage are necessary? How does 
this number compare with the number of bits required for a full-table 64- 
bit block cipher? 


Problem 5 

a) There are 8 tables, Each table has 28 entries. Each entry has 8 bits. 

number of tables size of each table * size of each entry = 8*28* 8= 214 bits 

b) There are 264 entries. Each entry has 64 bits. 271 bits 


P6. Consider the 3-bit block cipher in Table 8. 1 . Suppose the plaintext is 

100100100. (a) Initially assume that CBC is not used. What is the resulting 


ciphertext? (b) Suppose Trudy sniffs the ciphertext. Assuming she knows that 
a 3-bit block cipher without CBC is being employed (but doesn't know the 
specific cipher), w hat can she surmise? (c) Now suppose that CBC is used 
w ith IV = 1 1 1. What is the resulting ciphertext? 


Problem 6 

a) 100100100 =>01 1011011 

b) Trudy will know the three block plaintexts are the same. 

c) c(i) = KS(m(i) XOR c(i- 1 )) 

c(l) = KS(100 XOR 1 1 1) = KS (01 1) = 100 
c(2) = KS(100 XOR 100 ) = KS (000) = 110 
c(l) = KS(100 XOR 110) = KS (010) = 101 


P8. Consider RSA with p = 5 and q = 1 1 . 

a. What are n and z? 

b. Let e be 3. Why is this an acceptable choice for el 

c. Find d such that de = I (mod z) and d < 160. 

d. Encrypt the message m = 8 using the key (n. e). Let c denote the corre- 
sponding ciphertext. Show' all w'ork. Hint: To simplify the calculations, 
use the fact: 


Problem 8 

p = 5. q = 11 

a) n = p*q = 55. z = (p-l)(q-l) = 40 

b) e = 3 is less than n and has no common factors with z. 

c) d = 27 

d) in = 8. me = 512. Ciphertext c= me mod n = 17 


P9. In this problem, we explore the Diffie-Hellman (DH) public-key encryption 
algorithm, which allows two entities to agree on a shared key. The 
DH algorithm makes use of a large prime number p and another large number 
g less than p. Both p and g are made public (so that an attacker would know 
them). In DH. Alice and Bob each independently choose secret keys, S A and 
respectively. Alice then computes her public key, 7^, by raising g to S A and 
then taking mod p. Bob similarly computes his ow n public key T B by raising g 
to S R and then taking mod p. Alice and Bob then exchange their public keys 
over the Internet. Alice then calculates the shared secret key 5 by raising T B to 
S A and then taking mod p. Similarly. Bob calculates the shared key S' by rais- 
ing T A to S B and then taking mod p. 

a. Prove that, in general, Alice and Bob obtain the same symmetric key, that 
is, prove S = S'. 

b. With p = 1 1 and g = 2, suppose Alice and Bob choose private keys S A = 5 
and S B = 12, respectively. Calculate Alice's and Bob's public keys, T A and 
T b . Show all work. 

c. Following up on part ( b), now' calculate S as the shared symmetric key. Show 
all work. 

d. Provide a timing diagram that shows how Diffie-Hellman can be attacked by 
a man-in-the-middle. The timing diagram should have three vertical lines, one 
for Alice, one for Bob, and one for the attacker Trudy. 


Problem 9 

Alice 

secrect key: Sa 

public key: Ta = (j^Sa) mod p 

shared key: S = (Tb a Sa) mod p 


Bob 

Sb 

Tb = (g A Si) mod p 
S 1 = (T a a S b ) mod p 


a) S = (TB A SA ) mod p = ((g A SB mod p) A S A } mod p = (g^SBS A )) mod p 
= ((g^SA mod p) A SB ) mod p = (TA A SB ) mod p = S' 


(b and c)p = ll.g = 2 


Alice 


Bob 


secrect key: 
public key: 
shared key: 


Sa= 5 

Ta — (bASa) mod p = 10 
S = (Tb a Sa) mod p = 1 


S B = 12 

Tb = (g A Sfi) mod p = 4 
S' = (T a a S b ) mod p = 1 


Bob 


d) 

Alice Trudy 



The Diffie -Heilman public key encryption algorithm is possible to be attacked by man-iii- 
the -middle. 

1. In this attack. Trudy receives Alice’s public value (Ta) and sends her own public 
value (Tj) to Bob. 

2. When Bob transmits his public value (Tg’h Trudy sends her public key to Alice (Tj). 

3. Trudy and Alice thus agree on one shared key (Sat) and Trudy and Bob agree on 
another shared key (Sbt). 


4. After this exchange. Trudy simply decrypts any messages sent out by Alice or Bob by 
the public keys Sat and Sbt- 


